_  ■  * 
■r  1  •  • 


I  ■« 
i 


•  ''t. 


19   9  7 


Evaluation  of  Internet 
Firewall  Solutions, 
Europe 


INPUT 


Frankfurt  •  London  •  New  York  •  Paris  •  San  Francisco  •  Tokyo  •  Washington  D.C. 


INPUT 


Clients  make  informed  decisions  more  quickly  and  economically  by  using  INPUTs 
services.  Since  1974.  information  technology  (IT)  users  and  vendors  throughout  the 
world  have  relied  on  INPUT  for  data,  research,  objective  analysis  and  insightful 
opinions  to  prepare  their  plans,  market  assessments  and  business  directions,  particularly 
in  computer  software  and  services. 

Contact  us  today  to  learn  how  your  company  can  use  INPUT'S  knowledge 
and  experience  to  grow  and  profit  in  the  revolutionary  IT  world  of  the  1990s. 


Subscription  Services 

•  Infomiation  Services  Markets 

-  Worldwide  and  country  data 

-  Vertical  industry  analysis 

•  Business  Integration  Markets 

•  Systems  Integration  and 
Professional  Services  Markets 

•  Client/Server  Software  Platforms 

•  Outsourcing  Markets 

•  Information  Services  Vendor 
Profiles  and  Analysis 

•  Electronic  Commerce/Internet 

•  U.S.  Federal  Government  IT 
Markets 

•  IT  Customer  Services  Directions 
(Europe) 

Service  Features 

•  Research-based  reports  on  trends, 
etc.  (Over  100  in-depth  reports 
per  year) 

•  Frequent  bulletins  on  events, 
issues,  etc. 

•  5 -year  market  forecasts 

•  Competitive  analysis 

•  Access  to  experienced 
consultants 

•  Immediate  answers  to  questions 

•  On-site  presentations 


Databases 


•  Software  and  Services  Market 
Forecasts 

•  Software  and  Services  Vendors 

•  U.S.  Federal  Government 

-  Procurement  Plans  (PAR) 

-  Forecasts 

-  Awards  (FAIT) 

-  Agency  Procurement  Requests 

(APR) 


Custom  Projects 

For  Vendors-analyse: 

•  Market  strategies  and  tactics 

•  Product/service  opportunities 

•  Customer  satisfaction  levels 

•  Competitive  positioning 

•  Acquisition  targets 

For  Buyers-evaluate: 

•  Specific  vendor  capabilities 

•  Outsourcing  options 

•  Systems  plans 

•  Peer  position 


Other  Services 


Acquisitions/partnerships  searches 


INPUT  Worldwide 

Frankfurt 

Perchstatten  16 
D-35428  Langgons 
Germany 

Tel:  +49  (0)  6403  911420 
Fax:  +49(0)  6403  911413 

London 

Cornwall  House 
55-77  High  Street 
Slough,  Berkshire 
SLl  IDZUK 
Tel:  +44  (0)  1753  530444 
Fax:  +44  (0)  1753  577311 

New  York 

400  Frank  W.  Burr  Blvd. 
Teaneck,  NJ  07666 
U.S.A. 

Tel:  +1  (201)  801-0050 
Fax:  +1  (201)  801-0441 

Paris 

24,  avenue  du  Recteur 

Poincare 

75016  Paris 

Tel: +33  (1)46  47  65  65 
Fax:  +33  (1)46  47  69  50 

San  Francisco 

1881  Landings  Drive 
Mountain  View 
CA  94043-0848 
U.S.A. 

Tel:  +1  (415)961-3300 
Fax:  +1  (415)961-3966 

Tokyo 

6F#B,  Mitoshiro  Bldg 
1-12-12,  Uchikanda 
Chiyoda-ku,  Tokyo  101 
Japan 

Tel:  +81  3  3219  5441 
Fax:  +81  3  3219  5443 

Washington,  D.C. 

1921  Gallows  Road 
Suite  250 

Vienna,  VA  22182  3900 
U.S.A. 

Tel:  +1  (703)  847-6870 
Fax:  +1  (703)  847-6872 


EVALUATION  OF  INTERNET  FIREWALL  SOLUTIONS,  EUROPE 


INPUT 


Abstract 


The  firewall  market  is  evolving  rapidly  -  firewall  products  are  becoming 
commoditised,  and  their  functionality  is  broadening  to  encompass  areas 
not  previously  considered  the  domain  of  firewalls,  such  as  user 
authentication,  virus  detection  and  protection  against  Java/ActiveX 
programs.  As  the  firewall  market  expands,  so  too  do  the  opportunities 
open  to  IT  vendors. 

The  market  is  being  driven  not  only  by  the  increasing  number  of 
organisations  with  permanent  (leased  line)  Internet  connections,  but  also 
by  the  increase  in  usage  of  firewalls  for  internal,  inter-departmental 
protection. 

The  changing  role  of  firewalls,  from  simple  border  guards  to  intelligent, 
context-sensitive  devices  that  perform  multiple  additional  functions  such 
as  encryption  and  user  authentication  is  reflected  by  a  change  in  buyers' 
firewall  usage  and  requirements.  This  report  examines  those  changes  and 
summarises  the  opportunities  open  to  firewall  vendors. 
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Introduction 


A  

Objectives  and  Scope 

The  firewall  market  is  changing  rapidly,  due  to  the  explosion  in  the 
number  of  companies  with  Internet  connections.  The  vast  majority  of 
companies  with  Internet  access  have  a  border  firewall,  and  the  increase 
in  size  of  the  Internet  using  population  has  driven  most  of  the  growth  in 
the  firewall  market  over  the  past  three  years. 

However,  firewall  market  growth  will  be  accounted  for  increasingly  by 
the  use  of  firewalls  within  organisations:  internal  firewalls  deployed  to 
protect  specific  departments  and  departmental  servers  and  applications 
from  internal  misuse  or  attack.  High  takeup  of  internal  firewalls  will 
ensure  annual  market  growth  of  49%  from  1997  to  2002. 

Firewall  technology,  too,  is  changing  rapidly  to  reflect  the  increasing 
number  of  Internet  applications  and  protocols.  Before  the  popularisation 
of  the  Internet,  a  simple  packet  filter  may  have  been  sufficient  protection; 
now,  firewalls  must  be  able  to  filter  traffic  in  the  context  of  the 
application  to  which  it  belongs.  As  Internet  applications  increase  in 
number,  so  too  do  opportunities  for  firewall  vendors. 

The  changing  role  of  firewalls,  from  simple  border  guards  to  intelligent, 
context-sensitive  devices  that  perform  multiple  additional  functions  such 
as  encryption  and  user  authentication  is  reflected  by  a  change  in  buyers' 
firewall  usage  and  requirements.  This  report  examines  those  changes  and 
summarises  the  opportunities  open  to  firewall  vendors. 
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B  

Research  Methodology 

INPUT  interviewed  117  large  UK,  French  and  German  companies  during 
July  1997  across  four  industry  sectors:  banking,  insurance, 
manufacturing  and  retail.  Exhibits  I-l  and  1-2  show  the  sample 
breakdown  by  country  and  industry  respectively. 

The  breakdown  of  industry  sector  within  each  country  was  consistent.  In 
each  country,  10  respondents  were  interviewed  from  each  of  the  four 
industry  sectors,  except  in  France  where  seven  respondents  from  the 
insurance  sector  were  interviewed  (this  accounts  for  the  smaller  sample 
of  both  French  and  insurance  industry  respondents). 

Exhibit  1-1 

Sample  Breakdown  by  Country 


Sample:  117 
Source:  INPUT 
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Most  respondents  represented  their  company  at  a  corporate  or  national 
level.  Exhibit  1-3  shows  the  sample  breakdown  by  respondents'  scope  of 
responsibility. 


Sample  Breakdown  by  Scope  of  Responsibility 


Worldw  ide  1% 


Nationw  ide  38% 


Corp.  HQ  42% 


Sample:  117 
Source:  INPUT 
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c  

Report  structure 

•  Chapter  II — Executive  Summary,  presents  a  summary  of  the  key 
findings  of  this  report,  plus  European  firewall  market  forecasts 

•  Chapter  III — Use  of  Firewall  Products  and  Services,  shows 
patterns  of,  and  reasons  for,  firewall  use,  departmental  usage,  user 
authentication,  and  external  firewall  services 

^'  .,, ■  i ~      '  ^ 

•  Chapter  IV — User  Satisfaction  With  Firewall  Products  and 
Services,  shows  importance  of,  and  users'  satisfaction  with,  firewall 
product,  external  service,  and  vendor  characteristics,  and  problems 
experienced  by  firewall  users 

•  Chapter  V — Buying  Process,  presents  purchase  and  budgeting 
patterns,  product  selection  criteria,  and  future  requirements 
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D  

Related  Reports  and  Research  Bulletins 

•  Internet  Security:  The  Impact  of  Firewalls  on  Client/Server 
Applications,  1995 

•  Enabling  Storefront  Security,  1997 

•  One-Time  Passwords  Address  a  Growing  Problem,  Research 
Bulletin,  1997 
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Executive  Summary 


A  

Market  Growth  will  come  from  Increasing  Internet  Connectivity  and 
Internal  Firewall  Use 

The  market  for  external  ("border")  firewall  products  is  crowded,  and 
penetration  rates  among  networks  connected  to  the  Internet  are 
relatively  high  (see  Exhibit  II-l).  Most  (80%  of)  large  European 
organisations'  LANs  connected  to  the  Internet  are  already  protected  by  a 
border  firewall,  leaving  at  most  20%  open  for  new  sales. 

However,  around  two  thirds  of  LANs  in  large  organisations  are  not 
connected  to  the  Internet  at  all.  In  the  US,  only  23%  of  LANs  are  not 
connected  to  the  Internet.  As  Europe  typically  follows  the  US  in  patterns 
of  Internet  connectivity,  the  overall  market  for  border  firewalls  in  Europe 
will  show  strong  growth,  particularly  over  the  next  three  years. 

Exhibit  11-1 

Breakdown  of  LAN  Internet  Connectivity  and  Firewall  Protection 

Protected  by  Not  protected 


to  Internet:  69% 

Sample:  117 
Source:  INPUT 
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Most  border  firewall  business  in  the  large  enterprise  sector  will  be 
represented  therefore  by  new  sales  for  networks  not  yet  connected  to  the 
Internet. 

While  the  European  border  firewall  market  will  provide  strong 
opportunities  to  vendors,  the  market  for  internal  firewalls  will  show 
higher  growth  in  the  long  term.  Slightly  less  than  half  of  large  European 
organisations  currently  use  internal  firewalls,  and  INPUT  expects  the 
penetration  of  internal  firewalls  to  reach  that  of  border  firewalls,  at  80% 
and  over.  This  is  due  to: 

•  Increasing  implementation  of  Intranets — much  of  the  value  of 
Intranets  is  the  seamless  environment  crossing  private  and  public 
networks  they  enable,  therefore  increased  Intranet  use  results  in 
increased  Internet  access,  not  just  for  information  gathering  but  for 
business  applications. 

•  Increasing  awareness  of  internal  security  risks — despite  concern 
over  highly  publicised  topics  such  as  hacking  over  the  Internet, 
most  security  breaches  are  conducted  internally. 

•  Increasing  availability  of  solutions  specific  to  internal  firewalling 

Within  large  organisations,  departments  concerned  with  sensitive  or 
confidential  internal  corporate  material  are  most  likely  to  use  internal 
firewalls — the  most  common  firewall-using  departments  include  finance, 
corporate  management,  and  administration;  departments  least 
frequently  using  dedicated  firewalls  are  R&D,  sales  and 
logistics/distribution. 

Exhibit  II-2  shows  the  growth  of  the  European  firewall  product  market 
between  1997  and  2002. 
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Exhibit  11-2 


European  Firewall  Product  Market,  1997-2002 


B 


Opportunities  for  Firewall  Product  Vendors 


Firewall  technology  is  in  constant  development,  due  to  increasing  user 
expectations  of  firewall  effectiveness,  greater  use  of  firewalls  for  inter- 
departmental protection,  and  the  subsequent  heightened  need  for  robust 
firewall  management. 

Firewall  technology  is  being  driven  also  in  reaction  to  the  rapidly 
increasing  number  of  Internet  applications  and  protocols  (such  as 
multimedia  formats,  Internet-enabled  business  applications,  and 
increased  interactivity  through  tools  such  as  Java  and  ActiveX),  resulting 
in  increased  requirement  for  application-specific  and  context-sensitive 
firewalling. 

Several  opportunities  for  immediate  firewall  product  development  can  be 
identified  from  this  survey,  as  follows. 
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1.  User  Authentication 

Buyers  have  high  expectations  of  improvements  in  user  authentication, 
particularly  for  users  accessing  private  networks  from  outside  the 
organisation: 

•  Buyers  rate  user  authentication  as  the  second  most  important 
characteristic  of  firewall  products  (its  importance  was  rated 
extremely  highly,  at  4.3  out  of  5).  v 

•  Improved  user  authentication  was  among  the  most  commonly 
describes  ways  in  which  respondents  expected  to  change  their  use 
of  internal  firewalls  over  the  next  twelve  months,  to  control  inter- 
departmental access  to  sensitive  applications  and  data. 

•  The  issue  of  authentication  was  the  joint  most  frequently 
mentioned  feature  that  respondents  felt  were  currently  lacking  or 
implemented  poorly  in  their  firewalls. 

•  Users  expect  to  reduce  drastically  their  use  of  static 
username/password  systems  in  favour  of  more  secure 
authentication  techniques  such  as  hardware/software  tokens  and 
challenge/response — 45%  of  respondents  use  static  passwords  for 
border  firewalls  access  control  currently,  but  only  5%  expect  to  do 
so  in  a  years'  time;  for  internal  firewalls,  the  usage  is  75%  now  and 
24%  expected  use  in  twelve  months. 

2.  Content  Checking 

Content  checking  (protection  against  hazardous  inbound  content)  has  not 
always  been  a  prime  function  of  firewalls,  yet  it  is  rapidly  becoming  one 
of  the  most  critical  issues  facing  buyers: 

•  Content  checking  is  the  most  important  characteristic  of  firewall 
products  to  users  (its  importance  was  rated  extremely  highly,  at 
4.4  out  of  5). 

•  It  was  the  joint  most  frequently  mentioned  feature  that 
respondents  felt  were  currently  lacking  or  implemented  poorly  in 
their  firewalls. 

•  Content  checking  was  the  second  most  important  reason  overall  for 
using  external  firewalls,  that  importance  rated  at  4.3  out  of  5. 
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The  very  high  importance  attached  to  the  issue  by  respondents  indicates 
the  expanding  scope  of  firewall  requirements.  Buyers  are  increasingly 
looking  to  firewalls  to  provide  protection  against  viruses,  Trojan  horses, 
and  self-executing  programs  such  as  malicious  Java  applets. 

3.    Ease  of  Use  Features 

INPUT  expects  firewall  ease  of  use  (for  installation,  configuration,  and 
management)  to  become  a  critical  selling  point  within  two  years.  Firewall 
products  are  rapidly  becoming  commoditised  and  therefore  dropping  in 
price.  Product  value  will  be  provided  through  the  addition  or 
enhancement  of  features  often  not  currently  considered  "core"  elements  of 
^  firewalls.  These  features  include  user  authentication  and  content 

checking,  as  discussed  above,  but  the  most  immediate  need  will  be  for 
improved  ease  of  use  and  management. 

Ease  of  use  is  the  third  most  important  characteristic  of  firewall  products 
to  users  (its  importance  was  rated  highly,  at  4.1  out  of  5),  yet  it  received 
only  an  average  satisfaction  rating  (3.6  out  of  5). 

C   •   

Opportunities  for  Firewall  Service  Vendors 

Exhibit  11-3  shows  firewall  services  mapped  against  market  maturity  of 
service  and  level  of  user  demand: 

•  Installation  and  configuration — mature  service  offering  and  high 
levels  of  usage  (often  packaged  with  product  purchase);  therefore, 
low  opportunity 

•  Planning  and  consultancy — relatively  mature  offering  and  high 
levels  of  usage;  therefore,  low  to  medium  opportunity 

•  Integration  services  (integration  of  firewalls  into  corporate  security 
policy) — low  to  medium  level  of  maturity,  relatively  high  usage, 
relatively  high  demand;  therefore  medium  to  strong  opportunity 

•  Post-event  services — (e.g.  post-virus  clean  up  and  post-breach 
auditing)  low  to  medium  level  of  maturity,  little  usage,  relatively 
high  demand;  therefore  strong  opportunity 

•  Remote  operation  and  management — immature  offering,  low  usage 
levels,  and  low  demand;  therefore,  little  immediate  opportunity 
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Post-event  services  offer  particularly  strong  opportunities  for  well- 
positioned  vendors:  while  only  12%  of  respondents  claimed  to  use  them, 
they  are  considered  the  second  most  desirable  service  by  non-service- 
users.  Users  rate  their  satisfaction  with  post-event  services  poorly, 
however,  creating  opportunities  for  new,  enhanced,  or  re-branded 
offerings. 

Exhibit  11-3 

Medium-Term  Firewall  Services  Opportunities 


Maturity 


Demand 


Source:  INPUT 


P  

Firewall  Product  User  Satisfaction 

The  three  highest-rated  firewall  product  characteristics  (Exhibit  11-4),  are 
all  concerned  with  functional  content  checking,  user  authentication  and 
data  encryption.  Most  of  the  lowest  rated  characteristics  (Exhibit  II-5) 
are  concerned  with  non-functional  issues:  cost,  scalability,  and  impact  on 
performance. 

As  a  result  of  the  growing  use  of  firewalls  for  internal  protection,  cost  and 
scalability  will  have  an  increasingly  important  effect  on  firewall  vendors' 
ability  to  keep  or  establish  their  position  in  the  large  enterprise  market. 
Cost  becomes  a  more  sensitive  issue  due  to  the  greater  number  of 
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firewalls  required  to  protect  individual  departments  as  opposed  to  the 
enterprise  as  a  whole,  and  the  end-user  charging  for  firewall  products 
and  operations  that  will  take  place  as  firewalls  become  distributed 
throughout  user  organisations. 

Similarly,  scalability  will  become  a  more  sensitive  issue  as  organisations 
not  only  require  large  user  numbers  to  be  supported  by  a  border  firewall, 
but  also  varied  and  variable  numbers  of  users  to  be  supported  by 
internal,  inter-departmental  firewalls. 

Related  to  scalability  is  the  impact  of  firewall  operation  on  network 
performance,  the  lowest  rated  characteristic.  As  the  number  of  users 
connecting  to  the  Internet  and  internal  departments  and  resources 
increases,  and  the  changing  nature  of  network  use  creates  higher 
volumes  of  traffic  (either  through  changing  application  use  such  as 
multimedia  and  conferencing,  or  through  changing  network  topology  and 
client/server  models  such  as  Intranets  and  Network  Computers),  this 
problem  will  worsen  unless  vendors  address  firewall  performance. 


Exhibit  11-4 


Characteristics  Receiving  Highest  Satisfaction 
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Exhibit  11-5 


Characteristics  Receiving  Lowest  Satisfaction 


Exhibit  11-6  shows  firewall  characteristics  plotted  by  importance  and  user 
satisfaction.  Vendors  should  focus  on  characteristics  towards  the  bottom- 
right  corner  of  the  chart,  below  the  dotted  line,  those  regarded  as 
relatively  important,  but  which  do  not  currently  satisfy  users  highly, 
such  as  impact  on  performance  and  ease  of  use. 
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Exhibit  11-6 


Importance  Vs  Satisfaction  of  Firewall  Characteristics 
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The  most  severe  problem  encountered  by  users  (Exhibit  II- 7)  correlates  to 
the  above  chart.  Firewalls'  effect  on  network  performance  is  an  important 
consideration  for  users,  but  is  rated  poorly  as  well  as  being  the  most 
severe  problem. 

Budget  constraints  relate  only  partly  to  product  cost  (while  cost  is  the 
second  lowest  rated  feature  of  firewalls,  it  is  also  one  of  the  less 
important  characteristics).  Budget  problems  are  due  less  to  pricing  than 
to  internal  issues,  and  therefore  less  easily  addressed  by  vendors. 

It  is  encouraging  to  note,  however,  that  no  problem  appears  exceptionally 
widespread  or  severe,  and  that  vendor  and  product  recognition  and 
availability  are  the  least  severe  problems. 
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Exhibit  11-7 


Severity  of  Users'  Firewall  Problems 
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E  

Develop  a  Full  Range  of  Products  and  Services 

INPUT  expects  vendors  with  a  full  range  of  firewall  products  and  services 
to  achieve  greatest  future  success  in  the  large  enterprise  sector: 


•  Firewall  product  usage  is  diversifying — use  of  internal  firewalls  is 
increasing,  and  functionality  requirements  are  broadening  to 
include  user  authentication,  data  encryption,  and  content  checking. 

•  Use  of  firewall  services  is  increasing — 88%  of  respondents  expect  to 
maintain  or  increase  their  existing  use  of  firewall  services  in  the 
short  term,  for  the  reasons  given  for  market  growth  above:  rapid 
increase  in  the  proportion  of  LANs  connecting  to  the  Internet  and 
in  the  use  of  internal  firewalls. 
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•  Overall,  buyers  prefer  to  procure  products  and  services  from  a 
single  supplier — around  three  quarters  of  users  prefer  a  "one  stop 
shop"  as  opposed  to  a  "mix  and  match"  buying  policy  for  firewall 
products,  and  half  prefer  a  one  stop  shop  approach  for  firewall 
services. 

While  there  is  little  current  demand  for  late-life  cycle  firewall  services 
(operation  and  remote  management  services),  INPUT  expects  a  viable 
market  to  emerge  within  the  next  three  years,  primarily  in  the  SME 
sector. 

Among  large  organisations,  firewall  vendors  that  cannot  adequately 
address  internal  firewall  requirements — products  and  services — will  not 
flourish. 
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Use  of  Firewall  Products  and 
Services 


A  

Internal  and  External  Firewall  Use 

Most  corporate  LANs  in  large  European  organisations  are  not  connected 
to  the  Internet.  Of  the  31%  that  are,  most  (80%)  are  protected  by  a  border 
firewall.  Exhibit  lll-l  shows  the  breakdown  of  LAN  connections  overall 
and  by  country. 

Exhibit  III-1 

Breakdown  of  LANs  by  Internet  Connections  and  Firewall  Use 
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The  market  for  border  firewalls  is  crowded,  but  there  is  still  room  for 
growth.  While  80%  of  Internet-connected  LANs  use  a  firewall  currently, 
that  figure  will  tend  to  (if  not  quite  reach)  100%,  hence  providing  new 
sales  to  firewall  vendors.  However,  greater  growth  will  be  achieved  in  the 
portion  of  the  market  not  currently  connected  to  the  Internet,  totalling 
nearly  70%  of  LANs.  ,         ;  . 

While  the  proportion  of  LANs  connected  to  the  Internet  may  never  reach 
100%,  it  is  worth  comparing  the  situation  in  European  with  that  in  the 
US — there,  77%  of  LANs  in  large  organisations  are  connected  to  the 
Internet,  compared  with  31%  in  Europe.  As  the  US  is  typically  12  to  24 
months  ahead  of  Europe  in  takeup  of  Internet  access  and  technology,  the 
increase  in  Internet  LAN  connections  in  Europe  will  be  high,  although  it 
will  always  lag  behind  the  US  due  to  the  less  homogenous  nature  of 
European  business  (which  the  introduction  of  European  Monetary  Union 
and  ongoing  federalisation  can  address  only  slowly). 

Exhibit  III-2  shows  the  proportion  of  respondents  using  external 
("border")  and  internal  (inter-departmental)  firewalls.  While  5%  of 
respondents  do  not  use  external  firewalls,  they  may  not  currently  operate 
an  Internet  connection  but  instead  use  internal  firewalls  for  protecting 
department-specific  applications  and  data.  (While  95%  of  respondents  use 
border  firewalls,  not  all  of  their  Internet-connected  LANs  are  protected 
by  a  firewall,  as  illustrated  in  Exhibit  II- 1.) 

Internal  firewalls  appear  to  be  less  commonly  used  in  France:  32%  of 
French  respondents  claimed  to  use  internal  firewalls  compared  with  48% 
of  UK  and  43%  of  German  respondents. 

Similarly,  internal  firewalls  are  less  commonly  used  in  the  retail  industry 
(20%),  particularly  when  compared  with  banking  (53%)  and  insurance 
(56%). 

The  market  for  internal  firewalls  will  grow  at  a  faster  rate  than  that  for 
border  firewalls,  due  to  their  smaller  starting  base,  an  increased 
awareness  of  the  need  for  internal  protection,  and  increasing  availability 
of  products  and  services  specific  to  internal  use. 
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Exhibit  III-2 


Use  of  Border  and  Internal  Firewalls 
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Use  of  Firewall  Products  by  Vendor 


One  vendor,  Checkpoint,  accounts  for  nearly  half  of  all  firewalls  used  by 
respondents  (Exhibit  III-3  shows  the  breakdown  of  firewall  vendors 
mentioned).  Checkpoint  is  relatively  more  popular  in  the  UK  than  in 
France  and  Germany,  (named  by  nearly  58%  of  respondents)  and  in  the 
insurance  sector  than  in  other  industries  (named  by  66%  of  respondents). 

Many  respondents  did  not  name  their  firewall  product  or  vendor,  due 
possibly  to  unease  at  identifying  a  critical  security  point  within  their 
organisation. 

INPUT  expects  the  major  established  firewall  vendors  to  keep  their  share 
of  the  market.  The  second  most  important  purchasing  criteria  rated  by 
users  is  the  strength  of  a  product's  existing  market  share,  and  the  third 
most  important  is  whether  the  user  has  worked  with  the  vendor  in  the 
past,  both  of  which  ensure  that  established,  high-volume  products  will 
continue  to  succeed  in  the  market.  New  and  emerging  firewall  product 
vendors  will  find  it  difficult,  therefore  to  enter  the  large  enterprise 
firewall  market. 
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Exhibit  III-3 


Firewall  Product  Use  by  Vendor 
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Reasons  for  Firewall  Use 


1.    Reasons  for  External  Firewall  Use 

Exhibit  III-4  shows  the  reasons  for  using  external  firewalls  and  their 
relative  importance  in  users'  purchasing  decisions.  Protection  against 
theft  or  corruption  of  sensitive  corporate  data  is  considered  a  relatively 
more  important  issue  than  protection  against  access  to  systems  and 
applications  themselves,  although  this  rating  is  still  very  high  at  4.2. 
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Protection  against  hazardous  inbound  content  has  not  always  been  a 
prime  function  of  firewalls,  and  the  importance  attached  to  the  issue  by 
respondents  indicates  the  expanding  scope  of  firewall  requirements. 
Buyers  are  increasingly  looking  to  firewalls  to  provide  protection  against 
viruses,  Trojan  horses,  and  self-executing  programs  such  as  malicious 
Java  applets.  The  importance  of  this  issue  is  already  rated  very  highly,  at 
4.3,  and  firewall  vendors  must  implement  a  strategy  for  content  checking. 

There  was  no  significant  difference  between  countries. 

The  greatest  differences  between  industries  were: 

•  The  importance  given  to  protection  of  applications  and  systems  (as 
opposed  to  data),  which  was  rated  highly  by  banking  (4.6), 
insurance  (4.3)  and  retail  (4.4),  but  only  of  average  importance  by 
the  manufacturing  industry,  at  3.5. 

•  The  difference  between  the  banking  and  retail  sectors  in  the 
importance  attached  to  controlling  employee  use  of  the  Internet — 
rated  at  3.6  by  banking  and  2.6  by  retail  respondents.  While  even  a 
low  average  such  as  2.6  can  include  a  significant  number  of 
respondents  rating  the  issue  at  4  or  5,  this  is  not  the  case  here: 
69%  of  retail  respondents  rated  the  issue  at  2  or  3,  and  only  17%  at 
4  or  5. 
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Exhibit  III-4 


Reasons  for  External  Firewall  Use  (Ail  Respondents) 
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2.    Reasons  for  Internal  Firewall  Use 

Thirty  three  respondents  stated  their  reasons  for  deploying  internal 
firewalls.  Their  reasons,  in  addition  to  general  protection  of  databases 
and  applications,  were: 

•  Departmental-level  control  of  user  access  and  authorisation — 12 
users  stated  the  need  to  control  access  to  internal  resources  on  an 
individual  user  or  departmental  level.  Granularity  of  access  control 
is  also  achieved  through  network  operating  systems,  but  clearly  a 
significant  proportion  of  users  want  additional  control  on  the 
firewall. 

•  Intranets,  Network  Computers,  and  Java — eight  users  were 
implementing  internal  firewalls  as  part  of  their  Intranet 
development  and  perceived  a  need  for  greater  security  as  their 
internal  use  of  Internet  technologies  and  platforms  increased. 

•  Protection  against  internal  spread  of  viruses — mentioned  by  six 
respondents  who  wanted  to  stem  the  spread  of  viruses  once  they 
had  entered  the  organisation 
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•  Recognition  that  most  security  breaches  are  internal,  not 
external — five  respondents  stated  that  they  believed  the  internal 
risk  was  as  great  or  greater  than  the  external  risk. 

•  Second  line  of  defence,  or  increased  reliability  and  resilience — four 
users  stated  the  extra  reassurance  gained  from  a  second  line  of 
defence  should  a  border  firewall  grant  access  erroneously  to  an 
unauthorised  user. 

•  Protection  against  contractors  and  other  temporary  staff — one 
respondent  highlighted  the  large  number  of  on-site  contractors  as  a 
recognised  security  risk  to  be  addressed. 

It  is  interesting  to  note  that  no  respondent  mentioned  encryption  of  inter- 
departmental email  as  a  reason  for  deploying  internal  firewalls,  but  that 
this  was  the  most  common  reason  among  US  respondents  for  such 
activity.  INPUT  expects  that  internal  email  encryption  will  become  a 
firewall  selling  point  in  Europe  within  the  next  two  years,  even  though  it 
appears  not  to  be  a  major  issue  currently. 


Usage  by  Organisational  Function 

,  Despite  the  attention  paid  to  Internet  security  over  the  past  few  years, 

which  has  tended  to  concentrate  on  such  newsworthy  risks  as  hacking 
and  industrial  espionage,  most  security  breaches  are  perpetrated  by 
insiders.  The  internal  role  that  firewalls  have  to  play  is  being  made 
increasingly  possible  by  the  growing  use  of  TCP/IP  as  the  common 
corporate  network  architecture.  As  more  organisations  adopt  Intranets, 
so  their  internal  network  architecture  matches  up  with  the  public 
Internet,  enabling  many  types  of  equipment  and  software,  not  just 
firewalls,  to  operate  internally  as  well  as  on  the  borders. 

The  growth  of  Intranets  will  open  up  considerable  opportunities  to 
firewall  vendors,  whose  core  technology  can  be  applied  equally  well 
internally  as  well  as  externally. 

Exhibit  I1I-5  shows  the  use  of  dedicated  firewalls  by  department  across 
all  surveyed  countries  and  industries.  Exhibits  111-6  to  III-9  show  usage 
by  industry  sector.  There  were  no  great  differences  between  countries.  As 
might  be  expected,  areas  dealing  in  corporate  confidential  and  sensitive 
information  head  the  list:  finance,  corporate  management  and 
administration  are  three  of  the  top  four  departments.  These  areas  are  all 
likely  to  experience  attempts  at  unauthorised  access  from  internal  as  well 
as,  if  not  more  than,  external  sources. 
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Due  to  the  obvious  sensitivity  and  confidentiality  of  its  data  and 
applications,  the  banking  sector  currently  makes  significantly  more  use 
of  internal  firewalls  than  do  other  industries  (although  the  relative 
breakdown  of  internal  firewall  usage  is  similar  across  all  sectors).  As 
with  many  new  technology  areas,  the  banking  industry  is  an  early 
adopter,  and  its  use  of  internal  firewalling  will  be  echoed  across  other 
industries  over  time. 


Exhibit  III-5 


Dedicated  Firewall  Use  by  Department  (Ali  Respondents) 
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Exhibit  III-6 


Dedicated  Firewall  Use  by  Department  (Banking) 
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Exhibit  III-7 


Dedicated  Firewall  Use  by  Department  (Insurance) 


Finance 


Administration 


26% 


a> 
E 
t 
«> 
a. 


15% 


Customer  service 



IS 

7% 

Corporate  management 

4% 

Human  resources 

4% 

Marketing 

4% 

11% 


Logistics  /  distribution  I  0% 


Product  development  /  R&D 


Sales 


0% 


0% 


H  \  1  \  1  1  1 

0%  5%  10%  15%  20%  25%  30% 

Proportion  of  Respondents 

Sample:  27 
Source:  INPUT 


28 


©  1997  by  INPUT  Reproduction  Prohibited 


EI27E 


EVALUATION  OF  INTERNET  FIREWALL  SOLUTIONS,  EUROPE 


INPUT 


Exhibit  III-8 


Dedicated  Firewall  Use  by  Department  (Manufacturing) 
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Exhibit  III-9 


Dedicated  Firewall  Use  by  Department  (Retail) 
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E  

Location  of  Firewall 

Three  potential  firewalling  scenarios  were  presented  to  respondents  in 
order  to  evaluate  their  desirability: 

1.  All  firewalling  is  handled  by  the  network  server  operating  system — 
this  is  the  scenario  closest  to  the  current  situation  in  most 
organisations,  where  the  firewall  sits  on  or  alongside  a  network  server. 
In  this  scenario,  however,  the  firewall  would  be  an  integrated  part  of 
the  network  operating  system. 

2.  All  firewalling  is  handled  by  routers/switches — in  this  scenario, 
firewalling  is  performed  by  firmware  or  hardware  on  low-level 
networking  equipment  in  order  to  take  the  load  off  the  network  server 
and  to  simplify  its  operation. 

3.  External  firewalling  is  handled  by  ISP — this  scenario  is  the  most 
progressive  of  the  three  and  views  firewalling  as  a  service  provided  by 
an  external  partner  such  as  ISP  or  network  services  supplier.  For 
incoming  traffic,  firewalling  occurs  before  the  traffic  reaches 
customer's  site. 

Exhibit  111-10  shows  the  desirability  of  these  three  firewall  methods. 
Among  larger  organisations  (such  as  those  represented  in  this  survey), 
the  most  desirable  firewalling  method  is  the  one  closest  to  that  currently 
in  most  widespread  use:  the  firewall  sits  on  or  alongside  a  network 
server,  and  filters  traffic  at  the  point  of  entry  to  the  network. 

Firewalling  built  into  the  low-level  infrastructure  of  a  network  is  almost 
as  desirable — firewalling  at  the  router  or  switch  is  rated  at  3.2 — although 
most  current  router  firewalling  is  little  more  than  packet  filtering. 
INPUT  expects  this  level  of  firewalling  to  decrease,  as  the  need  for 
context-sensitive,  application-specific  firewalling  and  ease  of  firewall 
management  increases. 

While  INPUT  foresees  a  future  market  for  ISP-provided  firewall  services 
among  smaller  organisations,  such  a  service  is  clearly  not  in  demand 
currently  among  those  large  organisations  interviewed,  rated  at  only  2.0 
out  of  five. 
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Country  differences  were  as  follows: 


•  French  respondents  were  less  enthused  by  the  prospect  of  all 
firewalling  being  conducted  by  the  network  operating  system, 
rating  the  desirability  of  that  method  at  2.6  compared  with  3.6 
from  UK  and  German  respondents 

•  UK  respondents  were  similarly  less  positive  about  firewalling  by 
ISPs,  rating  the  issue  at  1.7  compared  with  2.1  for  France  and  2/3 
for  Germany.  ^ 

Respondents  in  manufacturing  rated  each  method  lower  than  did 
respondents  in  other  industries,  particularly  network  operating  system 
firewalling  (rated  at  2.7  compared  with  the  average  of  3.3). 


Exhibit  111-10 


Desirability  of  Different  Firewalling  Methods 
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Exhibit  III- 11  shows  common  methods  of  Internet  connectivity  for 
organisations  with  geographically  dispersed  branch  offices: 

1.  Branch  1  connects  to  the  same  ISP  as  does  the  corporate  HQ,  but 
using  a  separate  ISP  connection  specific  to  that  branch 

2.  Branch  2  connects  to  a  different  ISP,  via  its  own  connection,  and 
communicates  with  HQ  over  the  public  Internet. 
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3.  Branch  3  connects  to  HQ  over  a  private  WAN  and  accesses  the 
Internet  through  the  HQ's  Internet  gateway. 

Each  branch  could  potentially  use  any  of  the  above  three  methods  of 
firewalling,  although  INPUT  expects  the  likelihood  of  external  (ISP) 
firewalling  to  be  higher  among  smaller  companies  or  branches  (for 
example,  Branch  3). 

Exhibit  111-11 

Common  Methods  of  Internet  Connectivity 


Source:  INPUT 
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User  Authentication 

Exhibit  III- 12  shows  the  methods  used  by  respondents  for  authentication 
of  external  users  currently  and  in  one  year's  time.  Exhibit  III- 13  shows 
the  same  for  internal  users. 

The  most  notable  result  is  the  expected  decrease  in  the  use  of  traditional 
username  and  password  combinations.  Pre-defined  (whether  chosen  by 
the  user  or  allocated  by  IS)  and  static  (non-changing)  passwords  do  not 
provide  adequate  security  for  all  but  the  most  trivial  applications.  The 
ways  in  which  static  passwords  can  be  compromised,  whether  through 
technological  means,  negligence,  or  observation,  are  numerous  and  easy 
enough  to  accomplish  to  render  them  almost  worthless. 

Buyers  expect  to  replace  much  reliance  on  static  passwords  with 
increased  use  of  software  and  hardware  tokens,  and  to  a  lesser  extent, 
challenge/response  systems.  Even  over  one  year,  the  use  of  static 
passwords  for  authenticating  users  outside  the  corporate  network  is 
expected  to  drop  to  negligible  levels.  Whether  this  decrease  in  use  will 
occur  in  practice  over  such  a  short  period  is  doubtful,  but  it  clearly 
indicates  users'  wishes. 

User  authentication  is  the  second  most  important  characteristic  of 
firewall  products  (shown  in  Exhibit  IV- 1,  Importance  of  Firewall  Product 
Characteristics),  and  vendors  must  meet  buyers'  expectations  by 
embedding  authentication  into  firewall  products. 
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Exhibit  111-12 


Methods  of  Authentication  for  External  Users  (All  Respondents) 
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Exhibit  111-13 


Methods  of  Authentication  for  Internal  Users  (All  Respondents) 
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Reasons  for  Using  External  Firewall  Services 


Fifty  respondents  stated  their  reasons  for  using  external  firewall  services 
as  opposed  to  in-house  staff  (see  Exhibit  111-14).  The  most  common 
reasons  are  clearly  lack  of  required  skills  or  available  resources 
internally. 

Four  respondents  gave  a  reason  unique  to  security-related 
developments — that  they  did  not  want  internal  staff  to  know  the  finer 
details  of  implementation.  One  respondent  stated  that  IS  staff  are 
sometimes  the  cause  of  security  problems. 

Only  three  out  of  50  respondents  stated  the  need  to  implement  a  firewall 
solution  quickly  and  reliably  as  a  primary  reason  for  sourcing  services 
externally.  These  respondents  did  not  admit  to  a  lack  of  ability  to  perform 
these  functions  internally,  but  rather  were  using  outside  services  as  a 
foundation  for  future  firewall  use. 


Exhibit  111-14 


Reasons  for  Using  External  Firewall  Services 
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Use  of  Firewall  Services 

Exhibit  III- 15  shows  the  use  of  firewall-related  services  by  all 
respondents. 

The  only  significant  difference  between  countries  was  in  usage  of 
operator  training  services.  Such  services  are  used  by  35%  of  French  and 
30%  of  Germans  respondents,  but  by  only  eight  percent  of  UK 
respondents. 

A  higher  proportion  of  respondents  from  the  banking  sector  have  used 
external  firewall  services  than  have  respondents  from  other  sectors, 
notably  installation/configuration  (used  by  60%),  security  policy 
integration  (used  by  53%)  and  planning/consultancy  (used  by  47%). 
Exhibits  111-16  to  111-19  show  the  use  of  services  by  industry. 
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Exhibit  111-15 


Use  of  Firewall  Services  (AN  Respondents) 
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Exhibit  111-16 


Use  of  Firewall  Services  (Banking) 
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Exhibit  111-17 


Use  of  Firewall  Services  (Insurance) 
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Exhibit  111-18 


Use  of  Firewall  Services  (Manufacturing) 
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Exhibit  111-19 


Use  of  Firewall  Services  (Retail) 
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Relatively  few  respondents  per  country  named  their  service  provider. 
Exhibit  III-20  shows  which  vendors  were  named  for  each  service  (number 
of  mentions  are  in  parentheses). 
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Exhibit  111-20 


Vendors  Used  for  External  Firewall  Services 
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User  Satisfaction  with  Firewall 
Products  and  Services 


A  

Importance  of  Firewall  Product  Characteristics 

Exhibit  IV- 1  shows  the  importance  placed  by  users  on  several 
characteristics  of  firewall  products.  There  was  no  significant  difference 
between  UK,  France  and  Germany. 

Data  encryption  is  particularly  important  to  the  banking  industry  (rated 
at  4.4  compared  with  the  average  of  3.5,  and  significantly  less  important 
to  manufacturing  and  retail  (both  industries  rate  the  importance  of  data 
encryption  at  only  2.9). 

Content  checking  and  user  authentication  are  both  extremely  important 
characteristics  overall,  yet  they  are  both  non-core  attributes  of  firewalls. 
Such  non-core  features  will  become  critical  differentiators  in  the  firewall 
market,  due  not  only  to  the  importance  attached  to  them  by  users  (as 
Exhibit  IV- 1  indicates),  but  also  to  the  commoditisation  of  and  resultant 
decreasing  prices  of  firewall  products. 

Commoditisation  is  well  underway  already  in  the  firewall  market,  and 
this  is  reflected  in  the  importance  attached  to  cost  by  users:  while  of 
average  importance,  at  3.1  out  of  5,  it  is  rated  at  just  10th  out  of  12 
characteristics. 

Vendors  must  develop  and  promote  non-core  attributes  of  firewall 
products  such  as  ease  of  use,  added  security  features  including 
encryption  and  user  authentication,  and  content  checking.  Such  features 
will  quickly  become  core  attributes  of  firewalls. 
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Exhibit  IV-1 


Importance  of  Firewall  Product  Characteristics  (All  Respondents) 
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B  

Firewall  Product  Satisfaction 

Exhibit  IV-2  shows  how  satisfied  firewall  users  are  with  the  above 
firewall  product  characteristics.  The  two  highest  ratings  are  given  to  the 
two  characteristics  rated  most  important — content  checking  and  user 
authentication — indicating  a  good  correlation  between  users'  expectations 
and  delivery. 

Existing  firewall  users  are  least  satisfied  with  the  impact  of  firewall 
operation  of  network  performance,  although  this  issue  was  rated  as  being 
of  medium  importance  (sixth  most  important  out  of  12  characteristics) 

There  was  no  significant  difference  between  countries.  Differences 
between  industry  sectors  were  as  follows: 

•  The  manufacturing  industry  was  relatively  less  satisfied  with  the 
characteristic  of  data  encryption,  particularly  compared  with  the 
banking  sector,  rating  it  at  3.2  compared  with  4.1  from  banking 
(the  retail  industry  also  rated  this  characteristics  relatively  lowly, 
at  3.4) 

•  The  banking  industry  is  relatively  less  satisfied  with  firewall 
impact  on  network  performance,  rating  the  issue  at  only  2.5 
compared  with  3.5  for  insurance  and  3.3  for  retail. 
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Exhibit  IV-2 


Satisfaction  with  Firewall  Product  Characteristics  (All  Respondents) 
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Importance  and  Satisfaction  Comparison 


Satisfaction  with  firewall  characteristics  can  be  compared  with  the 
importance  given  to  them  by  users.  Exhibit  IV-3  shows  firewall 
characteristics  plotted  by  importance  and  user  satisfaction.  Vendors 
should  focus  on  characteristics  towards  the  bottom-right  corner  of  the 
chart,  below  the  dotted  line,  those  regarded  as  relatively  important,  but 
which  do  not  currently  satisfy  users  highly — including  network 
performance  issues  and  ease  of  use. 
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Network  performance  can  become  a  critical  issue  where  Intranets, 
Network  Computers  and  other  Internet  technologies  are  in  use.  Such 
technologies  tend  to  increase  users'  reliance  on  servers  and  networks  due 
to  the  de-localising  of  applications  and  data,  and  so  increase  sensitivity  to 
heavy  traffic.  Performance  will  potentially  also  suffer  more  due  to  the 
increased  use  of  internal  firewalls  for  access  control  at  the  departmental, 
not  just  enterprise,  level.  The  performance  problem  will  increase, 
therefore,  and  firewall  vendors  must  address  this  issue  with  some 
urgency. 

Ease  of  use  will  become  a  critical  differentiator  between  firewall  products 
in  the  near  future  (within  two  years),  due  to  the  commoditisation  of 
firewall  products  and  resultant  decreasing  cost.  Value  will  be  added 
through  currently  non-core  features,  and  ease  of  use  and  management  is 
one  of  the  first  of  such  features. 


Exhibit  IV-3 
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Satisfaction  with  Firewall  Services 


Relatively  few  respondents  of  the  total  sample  of  117  have  used  external 
firewall  services,  compared  with  products.  Exhibit  IV-4  shows  the 
average  satisfaction  ratings  given  to  each  service  type  (only  services  rated 
by  ten  or  more  respondents  are  listed). 

Satisfaction  ratings  are  mediocre  overall,  with  post-event  services 
receiving  a  particularly  low  rating.  Quality  of  post-event  services  is 
critical,  due  to  the  urgency  and  sensitivity  of  a  post-event  situation  (and 
can  be  classed  a  business  continuity  service,  with  which  such  a  service 
overlaps),  this  rating  does  not  indicate  satisfactory  performance. 
However,  the  sample  of  respondents  rating  satisfaction  with  post-event 
services  was  small,  at  eleven  users,  and  so  this  rating  should  be 
considered  an  indicator,  not  a  precise  measurement. 


Exhibit  iV-4 


Satisfaction  With  Firewall  Services  (All  Respondents) 
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Problems  Experienced 


No  single  problem  is  particularly  prevalent  among  firewall  users.  Exhibit 
IV-5  shows  the  severity  of  problems  experienced  by  users,  and  shows  low 
levels  overall. 


Exhibit  IV-5 


Severity  of  Users'  Firewall  Problems 
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The  most  severe  problem  is  firewall  impact  on  network  performance.  This 
problem  was  also  indicated  in  respondents'  ratings  of  satisfaction  with 
firewall  product  characteristics,  where  impact  on  network  performance 
was  rated  worst.  Clearly  firewalls  are  perceived  as  burdensome  in  terms 
of  creating  network  traffic  problems. 

The  next  most  severe  problem  is  budget  constraints,  and  it  should  be 
noted  that,  for  border  firewalls,  the  apparent  severity  is  likely  to  decrease 
over  time  as  firewalls  drop  in  price — the  sample  of  respondents  in  this 
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survey  will  include  organisations  whose  firewalls  were  purchased  when 
products  were  considerably  more  expensive  than  they  are  currently. 

However,  budget-related  problems  are  likely  to  increase  where  internal 
firewalls  are  concerned.  While  the  price  of  individual  products  is  low,  and 
discounts  will  be  applied  for  large  accounts'  multiple  purchases,  the  total 
cost  of  firewalls  to  a  large  organisation  will  increase.  Higher  overall  costs 
will,  in  addition,  be  exacerbated  by  the  nature  of  future  firewall 
deployment — internal  firewalls  will  be  funded  partly  from  departmental 
budgets,  where  IS  charges  for  operational  and/or  capital  costs,  thereby 
fragmenting  firewall  budgets. 

There  was  no  major  difference  between  countries.  Apparent  differences 
between  industries  were: 

•  The  banking  sector  appeared  the  experience  more  severe  problems 
with  impact  on  network  performance  than  did  other  industries, 
rating  the  severity  at  3.1  compared  with  the  average  of  2.6. 

•  The  insurance  industry  appeared  to  find  greater  difficulties  in 
identifying  a  suitable  firewall  vendor,  rating  the  severity  at  2.3 
compared  with  the  average  of  1.7 
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Buying  Process 


A  

Budgeting  and  Expenditure 

Firewalls  are  seen  predominantly  as  an  IS  purchase;  there  are  few 
apparent  budgets  dedicated  to  security.  Sixty  four  respondents  stated  the 
source  of  their  firewall  budgets.  Of  those  respondents: 

•  Forty  five  (70%)  purchase  firewalls  through  their  central  IS  budget 

•  Fourteen  (22%)  purchase  firewalls  through  either  a  specific  IS 
security  budget,  or  a  dedicated  corporate  security  budget 

•  The  remaining  eight  percent  stated  that  firewalls  are  costed 
through  departmental  budgets 

Respondents'  current  budgets  as  shown  above  reflect  border  firewall 
spending.  INPUT  expects  that  firewall  budgets  will  fragment  through 
user  organisations  in  line  with  the  increased  deployment  of  internal 
firewalls.  Departments  whose  data  or  systems  are  protected  by  a 
dedicated  firewall  will  be  charged  by  IS  for  operational  costs,  and  capital 
costs  will  be  met  by  IS  or  by  both  IS  and  individual  departments. 

B  

Firewall  Product  Purchase  Sources 

Exhibit  V-1  shows  there  is  clear  demand  for  single  vendor  sourcing  of 
firewall  products.  There  was  no  difference  in  preferences  between 
industry  sectors. 

Vendors  with  high  existing  market  share  in  border  firewalls  therefore 
have  a  headstart  in  the  internal  firewall  market,  as  most  buyers  will 
prefer  to  opt  for  a  single  vendor  solution.  This  is  reinforced  by  the  finding 
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that  a  product's  existing  market  share  is  the  second  most  important 
purchase  criterion  among  respondents  (see  Exhibit  V-6,  Importance  of 
Firewall  Product  Selection  Criteria). 

Vendors  looking  to  enter  the  large  enterprise  firewall  market  should  not 
target  only  border,  or  only  internal,  firewalls.  Organisations  with  an 
existing  border  firewall  will  look  to  their  existing  vendor  for  internal 
firewalls,  and  organisations  without  a  border  firewall  will  require  a 
vendor  that  can  satisfy  their  future  internal  firewall  requirements. 

The  only  significant  difference  across  industry  sectors  was  the  insurance 
industry's  slight  preference  for  single  supplier  provision  of  firewall 
products  (85%  compared  with  the  average  of  71%). 

Exhibit  V-1 

Preferred  Source  of  Firewall  Products  (All  Respondents) 

Mix-and-match 


71% 

Sample:  112 
Source:  INPUT 


As  would  be  expected,  the  greatest  proportion  of  firewall  sales  are  made 
by  dedicated  firewall  product  vendors.  Around  30%  of  firewalls  are  sold 
through  indirect  channels  (systems  integrators  and  value-added 
resellers),  although  some  of  the  business  attributed  to  major  IT 
manufacturers  and  independent  software  vendors  is  accounted  for  by 
OEM  arrangements. 

Purchasing  patterns  are  similar  across  UK,  France  and  Germany. 
Respondents  in  the  manufacturing  industry  favour  VARs  over  dedicated 
firewall  vendors  (17%  compared  with  the  average  of  45%  buy  from  a 
dedicated  vendor,  and  37%  compared  with  the  average  of  22%  buy 
through  a  VAR). 
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Exhibit  V-2 


Primary  Sources  of  Firewall  Products  (All  Respondents) 
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c  

Product  Selection  Criteria 

Exhibit  V-3  shows  the  relative  importance  of  product  selection  criteria. 
No  criterion  is  overwhelmingly  important,  with  the  highest  rated 
consideration,  vendor's  additional  services,  rated  at  only  medium 
importance  at  3.3  out  of  5. 

Vendor  relationships  are  more  significant  than  product  loyalty  (having 
worked  with  the  vendor  before  being  rated  at  3.1,  but  having  used  the 
product  before  being  rated  at  only  2.2).  Indeed,  users'  relationships  with 
their  vendors  are  more  important  overall  than  their  views  on  the  product 
or  the  recommendations  of  others:  three  of  the  four  most  important 
criteria  are  related  to  the  customer's  relationship  with  the  vendor. 
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German  respondents  put  relatively  more  importance  on  previous 
interaction  with  their  vendor,  rating  it  at  3.6  compared  with  the  average 
of  3.1.  Magazine  recommendations  were  taken  account  of  slightly  more  by 
respondents  in  the  retail  industry  than  in  banking  (rated  at  2.4  for  retail 
and  1.5  for  banking),  although  it  cannot  be  considered  an  important 
consideration  in  any  sector. 


Exhibit  V-3 


Importance  of  Firewall  Product  Selection  Criteria  (All  Respondents) 
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P  

Future  Firewalls  Requirements  and  Usage 

1.    Change  in  External  Firewall  Use 

Respondents  were  asked  how  they  expected  their  use  of  external  firewalls 
to  change  over  the  next  12  months.  Thirty  seven  respondents  described 
their  expected  change  in  use: 

•  Thirteen  respondents  stated  they  would  increase  their  use  of  user 
•  .  and  traffic  monitoring  features  of  firewalls  to  reduce  Internet 

abuse,  to  control  unauthorised  software  downloads  and  bar  access 
to  specific  domains. 

•  Nine  respondents  stated  they  would  implement  a  policy  of  securing 
all  new  and  future  applications  with  a  dedicated  firewall. 


•  Seven  respondents  stated  they  expected  to  make  more  use  of 
firewall-based  data  encryption,  for  internal  and  external  email  as 
well  as  for  Internet  commercial  transactions. 

•  '  •  Six  respondents  stated  they  would  improve  security  policy  and  user 
awareness/education,  or  to  integrate  firewall  usage  into  overall 
corporate  security  policy. 

•  Six  respondents  stated  they  would  implement  new  firewall-based 
password  mechanisms  such  as  one-time  passwords,  to  avoid  the 
problems  caused  by  static  password  compromise. 

2.    Change  in  Internal  Firewall  Use 

Respondents  were  asked  how  they  expected  their  use  of  internal  firewalls 
to  change  over  the  next  12  months.  Twenty  one  respondents  described 
their  expected  change  in  use: 

•  Eight  respondents  stated  they  would  follow  development  of 
Internet  technologies  (specifically  Intranets,  Network  Computers 
and  Java)  with  corresponding  dedicated  firewalls. 

•  Seven  respondents  stated  they  would  increase  the  deployment  of 
internal  firewalls  to  specific,  sensitive  departments,  or  to  roll  out 
internal  firewalls  to  all  departments. 
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•  Six  respondents  stated  they  would  improve  user  authentication 
techniques  to  control  inter-departmental  access  to  sensitive 
applications  and  data. 

3.    Future  Requirements 

Twenty  two  respondents  stated  which  firewall  features  they  would  like  to 
see  in  the  future  that  they  have  found  unavailable  or  poorly  implemented: 


•  User  authentication — mentioned  by  six  users  who  wanted  to 
implement  access  control  at  the  user  or  desktop  level. 

•  Content  checking — mentioned  by  six  users  who  wanted  application- 
specific  and  context-sensitive  filtering  and  monitoring. 

•  ActiveX  and  Java  support — mentioned  by  four  users  who  were 
concerned  over  potential  security  risks  caused  by  new  and 
emerging  technologies  that  enable  program  code  to  be  access 
remotely  and  executed  locally. 

•  Synchronisation  between  firewalls —  mentioned  by  two  users  who 
wanted  firewalls  to  be  able  to  share  policy  data  and  update  each 
other  with  new  rules  and  application  information. 

•  Internet  spoofing  and  sniffing — mentioned  by  two  users  who 
wanted  to  obviate  packet  sniffing  and  forged  source  and  destination 
address. 

•  Digital  signatures —  mentioned  by  one  user  who  wanted  to  increase 
the  security  of  documents  and  transactions  transmitted  internally. 

•  Enhanced  ease  of  use —  mentioned  by  one  user  who  wanted  a 
consistent,  easy  to  use  firewall  management  GUI. 
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E  

Desirability  of  Services 

Respondents  were  asked  how  desirable  is  each  type  of  external  service 
that  they  have  not  yet  used  (Exhibit  V-4).  The  figures  are  naturally  low — 
respondents  were  rating  only  services  they  had  not  used,  regardless  of 
their  use  of  other  services,  which  would  include  services  that  were  not 
relevant.  However,  responses  were  also  captured  from  users  who  had  not 
yet  used  services  for  other  reasons,  including  unavailability  of  service 
offering,  funding  restrictions,  and  difficulty  in  identifying  a  suitable 
provider. 

No  service  is  in  obvious  great  demand  from  those  who  have  not  used 
them,  but  integration  of  firewalls  into  security  policy  is  rated  the  most 
desirable.  Six  out  of  thirty  seven  respondents  who  described  their 
expected  change  in  external  firewall  usage  expressed  their  intention  to 
improve  security  policy  and  to  integrate  their  firewalls  into  their  overall 
corporate  security  policy. 
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Exhibit  V-4 


Desirability  of  Services  Not  Yet  Used  (All  Respondents) 
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Internal  and  External  Skills,  Requirements  and  Sources 

Unlike  firewall  products,  users  are  split  between  firewall  services 
purchase  preference — approximately  equal  proportions  of  users  prefer  a 
single  supplier  as  opposed  to  multiple  suppliers. 

Slightly  more  UK  users  prefer  to  mix  their  suppliers  (57%),  compared 
with  French  users  who  prefer  slightly  more  to  use  one  supplier  (61%) 
Similarly,  the  retail  industry  appears  slightly  to  favour  a  variety  of 
services  providers  (64%). 
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Preferred  Source  of  Firewall  Services  (All  Respondents) 
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Exhibit  V-6  shows  the  primary  sources  of  external  firewall  services. 
Unlike  firewall  products,  services  tend  not  to  be  purchased  from  a 
dedicated  firewall  vendor,  but  procured  through  a  major  manufacturer  or 
a  channel  provider  (VAR  or  integrator). 
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Exhibit  V-6 


Primary  Sources  of  Firewall  Services  (All  Respondents) 


Major  IT  systems/software 
vendor 


Value-added  reseller 





— 


21% 


21% 


0) 

o 

O 
CO 


System  integrator 


19% 


Dedicated  firewall  vendor 


Software  vendor 


16% 

11% 

 1 — 



 1  

 1  

 \  1 

0% 


5% 


10%  15% 
Proportion  of  Respondents 


20%  25% 


Sample:  117 
Source:  INPUT 


G  

Future  Firewall  Services  Requirements  and  Usage 

Respondents  were  asked  how  they  expected  their  use  of  external  firewall 
services  to  change  over  the  coming  12  months.  Exhibit  V-7  shows  that, 
out  of  58  respondents,  just  over  half  (54%)  expect  to  increase  their  use  of 
services  (whether  they  currently  use  services  or  not).  Only  one 
respondent  expected  to  decrease  existing  use  of  services  (that 
organisation  used  only  implementation  services  and  did  not  expect  to 
deploy  any  more  firewalls  over  the  coming  year). 

Interestingly,  only  10%  of  respondents  both  operated  an  in-house  only 
policy  and  did  not  expect  that  to  change  over  the  next  12  months.  Reasons 
given  for  favouring  external  over  internal  resources  included: 
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•  Lack  of  skills 

•  Lack  of  available  resources 

•  Required  speed  of  development 

•  Cost  effectiveness 

•  Existing  service  contracts 

One  respondent  noted  that  allowing  in-house  staff  to  develop  a  firewall 
(or  any  other  security)  solution  is  in  itself  a  security  risk  and,  for  that 
reason,  would  use  only  external  suppliers. 


Exhibit  V-7 


Change  in  Use  of  Firewall  Services 
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